Tag Archives: height

[ISN] The Biggest Cyberattack Against the US in Recent History Just Keeps Getting Worse

http://www.motherjones.com/politics/2015/09/hack-china-cyberwar-fingerprints-obama

By AJ Vicens
Mother Jones
Sep. 23, 2015

On the eve of Chinese President Xi Jinping’s first state visit to Washington, DC, the Obama administration released alarming new numbers about one of the biggest computer hacks in American history—traceable, officials say, to China—a move that could potentially heighten tension ahead of the historic meeting. The Office of Personnel Management announced that it had substantially underestimated the number of people whose fingerprints were stolen during the attack earlier this year. About 5.6 million of 21.5 million federal employees, contractors, applicants, and others had their fingerprints stolen during a hack of the OPM’s background check databases, the agency reported Wednesday morning. That figure is higher than the 1.1 million previously reported. An interagency group including the FBI, the Department of Homeland Security, and the Department of Defense are reviewing how the fingerprint information could be used in nefarious ways, but it downplayed the immediate impact. “Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” the agency said in a statement issued Wednesday morning, as President Barack Obama and a host of dignitaries hosted Pope Francis at the White House. “However, this probability could change over time as technology evolves.” […]





[ISN] Cybersecurity’s not done until the paperwork is finished

http://gcn.com/blogs/cybereye/2014/12/va-cybersecurity-documentation.aspx

By William Jackson
GCN.com
Dec 05, 2014

The Veterans Affairs Department has been dinged once again by the Government Accountability Office for lack of follow-through in its cybersecurity operations. In a recent report, VA Needs to Address Identified Vulnerabilities, the GAO warned that unless VA’s security weaknesses are fully addressed, “its information is at heightened risk of unauthorized access, modification and disclosure, and its systems at risk of disruption.” The problem cited in the report is not so much that VA is doing a bad job securing its networks and systems, but that it has not properly documented security activities and has not developed action plans and milestones for correcting problems. Documentation and planning are more than busywork. Although it is true that checking boxes and creating reports will not by themselves improve IT security, without them it can be difficult if not impossible to assure what has been done, that it has been done properly and that it can be repeated if necessary. These processes can make the difference between constantly fighting brushfires and being able to effectively protect an agency enterprise and improve its security posture. […]



[ISN] Personal information of almost 100,000 people exposed through flaw on site for transcripts

http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/21/personal-information-of-almost-100000-people-exposed-through-flaw-on-site-for-transcripts/

By Ashkan Soltani, Julie Tate and Ellen Nakashima
The Washington Post
October 21, 2014

The personal information of almost 100,000 people seeking their high school transcripts was recently exposed on a Web site that helps students obtain their records. The site, NeedMyTranscript.com, facilitates requests from all 50 states and covers more than 18,000 high schools around the country, according to its Web site and company chief executive officer. The data included names, addresses, e-mail addresses, phone numbers, dates of birth, mothers’ maiden names and the last four digits of the users’ Social Security numbers. Although there is no evidence the data were stolen, privacy advocates say the availability of such basic personal information heightens the risk of identity theft. The availability of the data appears to be the result of a flaw in the way the two-year-old site was designed. It highlights how easily sensitive personal information can be exposed with the proliferation of online businesses and services – many of which do not employ adequate security practices. […]



[ISN] Foreign Minister Julie Bishop’s phone was hacked at the height of the MH17 crisis

http://www.heraldsun.com.au/news/foreign-minister-julie-bishops-phone-was-hacked-at-the-height-of-the-mh17-crisis/story-fni0fiyv-1227026241325

By Ellen Whinnet
Political Editor
Herald Sun
August 16, 2014

FOREIGN Affairs Minister Julie Bishop’s mobile phone was compromised while she was overseas leading tense negotiations to win access to the MH17 crash site in Ukraine. Australian intelligence officials seized Ms Bishop’s phone on her return from a two-week trip to the United States, Ukraine and Holland, having secured a deal to get Australian police into the crash area. Russian-backed rebels shot down the Malaysia Airlines flight with a surface-to-air missile on July 17, killing 298 passengers and crew, including 38 Australians. It is thought that our intelligence agencies know which country those responsible for compromising Ms Bishop’s phone were operating from. […]



[ISN] The Barnaby Jack Few Knew: Celebrated Hacker Saw Spotlight as ‘Necessary Evil’

http://www.bloomberg.com/news/2014-07-23/the-barnaby-jack-few-knew-celebrated-hacker-saw-spotlight-as-necessary-evil-.html

By Jordan Robertson
Bloomberg.com
July 23, 2014

When celebrated computer hacker Barnaby Jack died suddenly a year ago at the age of 35, headlines around the world touted the Steve Jobs-style pizazz he brought to cyber-security conferences and his show-stopping stunts such as breaking into ATMs and pacemakers. In hacker circles, he was known as the life of the party. But recent interviews with Jack’s family and longtime friends portray a much different person, one who was uncomfortable with being in the spotlight at the annual Black Hat and DefCon conventions, events that will miss his showmanship when they begin next week in Las Vegas. Little is known about the circumstances around Jack’s final days. A five-month investigation by the San Francisco Medical Examiner’s Office found that Jack’s death on July 25, 2013 was the result of an overdose of cocaine, heroin, and allergy and anxiety medications. What is clear is that he had conflicted feelings about fame and the heightened expectations that come with breakout success. “White hats” like Jack play a critical role in uncovering security flaws early so they can be fixed before real damage occurs. Yet few possess the combination of attributes that made Jack a star: charisma, cleverness, strong technical skills and a marketing instinct that appeals to the mainstream. […]



[ISN] FFIEC Plans Cybersecurity Assessments

http://www.bankinfosecurity.com/ffiec-plans-cybersecurity-assessments-a-6825

By Jeffrey Roman
Bank Info Security
May 8, 2014

The Federal Financial Institutions Examination Council is planning cybersecurity vulnerability and risk-mitigation assessments to help smaller banking institutions address potential gaps. The effort is expected to begin later this year. The assessments will help FFIEC member agencies, such as the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp., make informed decisions about the state of cybersecurity at community institutions, address gaps and prioritize necessary actions to strengthen supervisory programs, the FFIEC says in a May 7 statement. The FFIEC’s announcement came a day before Thomas Curry, Comptroller of the Currency and chairman of the FFIEC, delivered a speech at the Risk Management Association’s Governance, Compliance and Operational Risk Conference that included a reference to new cybersecurity examination procedures the OCC expects to pilot later in the summer. “To be managed properly, operational risk issues must be viewed in terms of their impact on the entire enterprise, not merely as – to use cybersecurity as an example – an IT Issue,” Curry says. “That requires a fully integrated and comprehensive approach to risk management, which is exactly what the OCC’s heightened expectations are intended to achieve.” […]



[ISN] Most Enterprises Lack Basic Assets to Fight Off Data Theft

http://www.eweek.com/security/data-theft-a-major-concern-for-organizations.html By Nathan Eddy eWEEK.com 2014-05-01 This will not come as a surprise to most IT security people: Most enterprises lack the tools and business intelligence to protect their critical information in an optimal manner, according to new research conducted by the Ponemon Institute and sponsored by Websense. The main problems are a critical deficit of security solution effectiveness, a disconnect in executives’ perceived value of data, and limited visibility into attack activity, according to the global cyber-security report, The findings, based on the responses of IT security practitioners with an average of 10 years’ experience in the field from 15 countries, including Brazil, China, Germany, India, the United Kingdom and the United States, revealed a global consensus that security professionals need access to heightened threat intelligence and defenses. According to respondents, there is a gap between data breach perception and reality–specifically regarding the potential revenue loss to their business. Eighty percent of respondents say their company’s leaders do not equate losing confidential data with a potential loss of revenue. […]



[ISN] Hacking group’s threat to Winter Olympics in Russia highlights risk of cyber-attacks on sponsor

http://www.janes.com/article/32169/hacking-group-s-threat-to-winter-olympics-in-russia-highlights-risk-of-cyber-attacks-on-sponsor

IHS Jane’s Intelligence Weekly
08 January 2014

Key Points

* A group calling itself the Caucasus Anonymous issued a threat on 30 December to undertake a “cyber war” against the Winter Olympics.
* The group is unlikely to be able to threaten actual Games operations because of the high levels of electronic security in place and the likely lack of manpower that the Caucasus Anonymous can call upon.
* Sponsors of the Games are at a heightened risk of cyber attack as part of the campaign, with the threat posed by the group likely to increase if it is able to garner greater international support, particularly if it is able to exploit perceptions of the Russian government cracking down on democratic freedoms.

EVENT

A hacking group calling itself the Caucasus Anonymous has threatened to conduct “cyber war” against the Sochi Winter Olympics, according to a 30 December message on a website frequently used by Islamist militants from Russia’s North Caucasus to issue claims for attacks. The two suicide bombs that struck the Russian city of Volgograd on 29 and 30 December 2013 have starkly focused the world’s attention on the security threats to the Sochi Winter Olympic Games, which begin on 7 February. Among the challenges facing the organisers (although certainly a less significant issue than the direct threat of terrorist attacks) is assessing and preparing for the likely cyber threats. […]

